[OSM-dev] OpenID for OpenStreetMap?

Matt Amos zerebubuth at gmail.com
Thu Feb 10 19:24:32 GMT 2011

On Thu, Feb 10, 2011 at 7:11 PM, Serge Wroclawski <emacsen at gmail.com> wrote:
> I think the conversation is really two different questions.
> First is the original question about OpenID in the context of OSM and
> the other is about OpenID support generally.
> I think part of the feeling for a need for OpenID in OSM is about the
> fact that for several of our services, authentication isn't unified.
> That is the wiki credentials don't map to the OSM API credentials.
> help.osm does though. It's confusing.

i might be missing the point here, but are you suggesting that OSM
would be an openID provider, consumer or both?

i had thought that the discussion was limited to being an openID
consumer - i'm not sure we'd want to be a provider, with all that it

> The second issue is OpenID support in general.
> MHO on the issue is that while it might seem that OpenID support is
> great and widely useful, I think there are a number of implementation
> issues and concerns which are really hard to overcome.
> For example, how does one handle OpenID with an API? This has been
> discussed in other contexts, and unfortunately there's no good single
> answer.

my understanding is that openID would be usable on the website to
generate an OAuth token, which would then be used to access the API.
this seems like a good enough solution to me, but i could be missing

> I personally believe OpenID is a great idea, but as Tom and others
> point out, the devil's in the details.
> OTOH the former issue, of a unified authentication mechanism- that's
> not technically hard (for the most part)- that's just a lot of work
> and a lot of disruption to the community while the transition takes
> place.

the devil's in the details and the SMOP. for instance, case
sensitivity of usernames, allowable characters, length and other
conditions. iirc, this wasn't a big deal when the wiki was set up, and
many people signed up with the same username. but since then things
have drifted a little bit (including the slightly inadvertent switch
to case-sensitive usernames for the main site) and it seems like way
more trouble than it's worth to transition now.



> That is, I'm sure the technical team knows how to solve it, but as
> someone who's completed a user authentication merge, I can tell you
> that it's painful. It's especially painful on something like a wiki,
> where not only must a user remapping take place, but that user mapping
> must be applied to each and every page.
> I think for new services (like help), we've solved the issue, but we
> may have to either accept the pain of the current situation for the
> wiki, or get buy in from the community for the disruption any change
> would cause.
> - Serge
